Banshee Malware Targets MacOS Users With New Stealth Features

Image by Ramshid, from Unsplash

Check Point Research (CPR) has been tracking a dangerous version of Banshee, a malware targeting macOS users since September 2024.

In a Rush? Here are the Quick Facts!

  • Banshee Stealer targets macOS, stealing browser credentials and cryptocurrency wallet data.
  • The malware evades detection using Apple’s XProtect encryption in its latest version.
  • Banshee spreads via phishing websites and fake GitHub repositories impersonating popular software.

Banshee is capable of stealing sensitive information such as browser credentials, cryptocurrency wallet data, and passwords, as reported in the new analysis by CPR.

According to the researchers, the malware has managed to remain undetected for over two months, thanks to a modification of Apple’s XProtect encryption, which prevents antivirus systems from identifying it.

Banshee is typically distributed through phishing websites and fake GitHub repositories, often posing as popular software like Chrome, Telegram, or TradingView. Once installed, Banshee silently runs in the background, stealing data from browsers like Chrome, Brave, and Edge.

It also targets cryptocurrency wallet extensions and Two-Factor Authentication (2FA) credentials, sending the stolen information to remote servers, as reported by CPR.

The researchers say that a significant change in the latest version of Banshee is the removal of a feature that previously halted its operations if the Russian language was detected. This update broadens the malware’s potential victim pool, indicating an expansion of its global reach.

Despite the leak of Banshee’s source code in November 2024, which helped antivirus systems detect the malware more effectively, phishing campaigns continue to distribute it. This leak also raises concerns that other cybercriminals may develop new variants of Banshee, says CPR.

With macOS devices now used by over 100 million people worldwide, the Banshee Stealer campaign emphasizes the increasing risks to macOS users. “This new Banshee Stealer variant exposes a critical gap in Mac security,” said Ms. Ngoc Bui, a cybersecurity expert at Menlo Security, as reported by Forbes.

“While companies are increasingly adopting Apple ecosystems, the security tools haven’t kept pace. We need a multi-layered approach to security, including more trained hunters on Mac environments,” she added.

Privileged access management, once considered a nice-to-have feature, has now become a cornerstone of modern cybersecurity for business users. The Banshee Stealer threat underscores the urgency of this shift.

“By restricting access and ensuring that elevated permissions are granted only when necessary,” Scobey explained, “privileged access management significantly reduces the attack surface for threats like Banshee,” as reported by Forbes.

When combined with endpoint protection and robust password management, privileged access management offers a powerful defense against such exploits.

“The time has come for businesses to shift from reactive to proactive security strategies,” Scobey emphasized, as reported by Forbes. He concluded, “Malware like Banshee thrives on gaps in vigilance and access controls. By prioritizing advanced tools, user education, and layered defenses, organizations can stay ahead in the race against evolving cyber threats.”

The malware’s sophistication proves that even operating systems traditionally seen as secure, like macOS, are vulnerable to targeted cyberattacks. Both businesses and individuals must be vigilant and adopt advanced cybersecurity measures to protect against evolving threats like Banshee.
